Following this month’s updates to both the HD and 4K models of Chromecast with Google TV, a group of LineageOS developers have shared the details of a (now-patched) exploit that enabled rooting the dongle by entirely bypassing Android Verified Boot.
One of the goals of LineageOS, an independently developed Android ROM, is to support older Android devices longer than their original manufacturers choose to while also offering a cleaner, more customizable experience. Some devices, like Google’s Pixel series, allow owners to easily unlock the bootloader and install a ROM like LineageOS, but most others are locked and require some ingenuity.
Google’s pair of Chromecast with Google TV dongles fall into the latter camp despite the inclusion of an “OEM unlocking” switch when the newer HD model launched. Having previously found success in modding the Chromecast with Google TV (4K), LineageOS contributors Nolen Johnson and Jan Altensen, with assistance from Ray Volpe, turned their attention to the HD version.
Their findings have been published today and are well worth a read for the technically inclined. Johnson told 9to5Google that parts of the discovered exploit impacted all Google hardware powered by an Amlogic chip, not just the Chromecast with Google TV (HD).
Before we dig into the details, there are a few important things to note. First, the exploit was properly reported to Google and was patched in the most recent update. The company has also enabled “Anti-Rollback” protection to ensure Chromecasts can’t be made vulnerable again. So if you’re interested in modding your Chromecast with Google TV – which is a trickier process than simply running ADB commands – you’ll want to make sure that the update does not install.
Google is enforcing these protections due to the severity of the exploit. Typically, when one unlocks the bootloader to root/mod an Android device, a factory reset is enforced to protect your private data. By contrast, the exploit chain found by Johnson, Altensen, and Volpe is able to trick Android Verified Boot into thinking nothing has been modified, meaning it can gain root access without wiping your data. Suffice it to say this is a critical security and privacy flaw.
That said, there’s no need to be worried about an attacker using this particular exploit without your knowledge. Beyond the fact that Google has already rolled out a fix, the exploit (initially) requires physically modifying the hardware of the Chromecast. The process isn’t too involved for an individual wanting to mod their own gadgets, but it’s certainly too much for a would-be hacker.
If you’re not afraid of a bit of wiring and solder, the trio has offered some diagrams and instructions on how to attempt this mod for yourself. Meanwhile, the group is currently working on getting LineageOS running properly on the Chromecast with Google TV (HD), but it will likely still be a while before the ROM becomes formally available.